Only webmail SSL

Here's what I'm trying to do.

I'd like to make it so my webmail using SquirrelMail runs over SSL, but that the rest of the domain's directories are not encrypted.

So far I've been able to accomplish this by creating a second nearly identical site under Server Admin > Web > Sites and making the second site use SSL and point its web server alias to example.com/webmail. This seems to work as I can access other parts of the site using http and webmail only using https.

Here's my question. First, I'm not sure if this is the correct way of setting this up but it seems to work. More importantly, I'd like to make it so I get URL rewriting from 'http://example.com/webmail' to 'https://example.com/webmail'.

I've tried most things I can think of but I just can't seem to get this to work. Any ideas?

Mac OS X (10.5.2)

Posted on May 20, 2008 1:41 PM


Posted on May 20, 2008 8:11 PM

OK,

On the SSL site, you of course have Webmail enabled. On the Non-SSL site, it should NOT be enabled.

On the Non-SSL site, you should set up a RedirectMatch under Aliases and Redirects as follows:

Pattern: /webmail(.*)
Path: https://example.com/webmail$1

The (.*) and the $1 means that if they typed anything AFTER webmail that will remain on the URL when redirected to https.

Now, what do you want to happen when the user navigates to a non-webmail part of the site over SSL? Do you want it to rewrite them back to http or is this enough?

EDIT: I accidentally hit the post message too soon.

May 20, 2008 9:45 PM in response to Andy Fragen

Hmmm...

I did some testing to see if I could accomplish this in Server Admin, but no luck. I can't seem to get a RedirectMatch rule to accept the NOT operator which is the exclamation point.

SO, you'll have to delve into the virtual host config file in /etc/apache/sites/yourSSLconfigfile

In there, you'll see an IF statement checking to see if mod_rewrite is active. I've inserted the middle two lines inside that as follows:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/webmail
RewriteRule (.*) http://example.com$1
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</IfModule>


You might find that you need to exclude other directories or paths too. Just add those as additional RewriteConditions, e.g.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/webmail
RewriteCond %{REQUEST_URI} !^/calendar
RewriteCond %{REQUEST_URI} !^/secure
RewriteRule (.*) http://example.com$1
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</IfModule>


EDIT: If preferred, this can be accomplished using .htaccess files instead of config files, but you must allow overrides in the virtual host settings to permit the use of .htaccess files.

Message was edited by: jaydisc
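
The two halves of the single-host setup from the replies above, written as raw Apache directives with anchored patterns (an added example, not configuration posted in the thread; `example.com` is the thread's placeholder and the virtual host layout is assumed). The unanchored pattern `/webmail(.*)` also matches a path such as `/docs/webmail-howto.html`, and `!^/webmail` also exempts `/webmail-old`, so both are tightened here to a path-segment boundary.

```apache
# Port 80 site: everything stays on HTTP except the /webmail tree.
<VirtualHost *:80>
    ServerName example.com
    # Anchored: matches /webmail, /webmail/ and /webmail/src/login.php,
    # but not /webmail-old or /docs/webmail-howto.html.
    RedirectMatch ^/webmail(/.*)?$ https://example.com/webmail$1
</VirtualHost>

# Port 443 site: only the /webmail tree is served over SSL.
# The site's existing SSL and webmail directives stay as they are.
<VirtualHost *:443>
    ServerName example.com
    <IfModule mod_rewrite.c>
        RewriteEngine On
        # Refuse TRACE first, because [L] below ends rule processing
        # for any request that gets redirected.
        RewriteCond %{REQUEST_METHOD} ^TRACE
        RewriteRule .* - [F]
        # Anything outside /webmail goes back to plain HTTP.
        # Add further exemptions as extra RewriteCond lines, e.g.
        # RewriteCond %{REQUEST_URI} !^/calendar(/|$)
        RewriteCond %{REQUEST_URI} !^/webmail(/|$)
        RewriteRule ^(.*)$ http://example.com$1 [R=302,L]
    </IfModule>
</VirtualHost>
```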

May 21, 2008 1:05 AM in response to Andy Fragen

I was able to split my site this way:

1. Main site non-SSL setup as "http://example.com" with redirect for "/webmail" to "https://webmail.example.com". I have webmail support selected for this site, but I do not think it is necessary (I've been meaning to test that theory though).

2. Webmail site with SSL setup as "https://webmail.example.com" with its directory pointing to "/usr/share/squirrelmail/src" without webmail support selected for that site.

It worked for me under 10.4 and now with 10.5.

May 21, 2008 12:14 PM in response to Andy Fragen

Ah, sorry. I forgot to add that you need to put an entry for webmail in DNS:

webmail IN CNAME yourservername

Then restart DNS. (I don't use Server Admin to do this as I have found it tends to do odd things to the files).

That should make it work. I'm not sure if it works with virtual domains though. I host other websites, but only email for one domain.

May 21, 2008 3:01 PM in response to Andy Fragen

I just checked my configuration. For default index files I have not only index.html and index.php but login.php. Squirrelmail goes directly for the login.php in the source directory. Also, I just noticed from past notes that I've used both "/usr/share/squirrelmail/" and "/usr/share/squirrelmail/src/" at various times. Both should work though.

Last, I realized from my notes that I had this set up a few years ago with a virtual domain being hosted for email, so it should be good for that too.

May 21, 2008 3:21 PM in response to D Little

D Little thanks so much for your perseverance. It was that last little bit that made it work.

1. Add "login.php" to default index files
2. Web folder is "/usr/share/squirrelmail"

It seems that '/usr/share/squirrelmail/src' didn't quite work.

I'm very happy. Now I have a single new domain "webmail" using SSL and every other virtual domain I have with webmail points to it and works.

Thank you jaydisc and D Little.

May 21, 2008 4:57 PM in response to Andy Fragen

That's a good question. If the user goes to yourdomain.com/webmail he will be redirected properly to https, but if he directly inputs http://webmail.yourdomain.com he should just hang.

I don't know that in OS X you can do that through SysAdmin. There are several solutions posted on the web. Search "httpd.conf redirect https" to see what suits you best. They all seem to need direct editing of either the httpd.conf or htaccess files. Either way, it should be doable.

May 21, 2008 5:14 PM in response to D Little

We sort of have to integrate the two solutions.

Site 1: www.domain.com - normal website, only http

Site 2: webmail.domain.com - SSL website - configured as discussed. i.e. /usr/share/squirrelmail/etc

Site 3: webmail.domain.com - normal HTTP - source directory irrelevant as it has the following RedirectMatch catching and passing everything:

Pattern: (.*)
Path: https://webmail.domain.com$1


Voila!

Message was edited by: jaydisc

May 22, 2008 8:58 AM in response to jaydisc

jaydisc that works great for a single virtual domain. But I'm using webmail.domain1.com, webmail.domain2.com and webmail.domain3.com.

I tried to alter the RedirectMatch as follows:

Pattern: webmail(.*)
Path: https://webmail$1


Clearly I'm doing something wrong 'cause it doesn't work. I assume the Path isn't set up right. Any ideas on how to set up the RedirectMatch for the webmail:80 site? I've actually got a single webmail:443 site working for multiple virtual domains. It's just this last step. I'd like to be able to do it in a single site, i.e. webmail:80, and not for each virtual domain as webmail.domain1:80, webmail.domain2:80 etc.

BTW, you guys are great.
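
One way to write the single port-80 webmail site asked about above, using mod_rewrite to reuse the requested host name (an added example, not configuration from the thread; the three host names are the poster's, the virtual host layout is assumed). RedirectMatch tests only the URL path, so a pattern of `webmail(.*)` never sees the host name. Here the host is checked against an explicit list before it is copied into the redirect, so an unexpected Host header cannot choose the redirect target.

```apache
# One port 80 site answering for every webmail host name.
<VirtualHost *:80>
    ServerName webmail.domain1.com
    ServerAlias webmail.domain2.com webmail.domain3.com

    <IfModule mod_rewrite.c>
        RewriteEngine On
        # Accept only the known webmail hosts (with an optional :80 suffix).
        # The outer capture group is available as %1 in the rule below.
        RewriteCond %{HTTP_HOST} ^(webmail\.(domain1|domain2|domain3)\.com)(:80)?$ [NC]
        # Same host, same path, over HTTPS. mod_rewrite carries the
        # original query string over to the redirect target.
        RewriteRule ^ https://%1%{REQUEST_URI} [R=302,L]
        # Any other Host header reaching this site is refused, not redirected.
        RewriteRule ^ - [F]
    </IfModule>
</VirtualHost>
```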
